Behavioral task
behavioral1
Sample
NEAS.e00591e11945cb9f1f96a388a4526e65.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.e00591e11945cb9f1f96a388a4526e65.exe
Resource
win10v2004-20231023-en
General
-
Target
NEAS.e00591e11945cb9f1f96a388a4526e65.exe
-
Size
4.5MB
-
MD5
e00591e11945cb9f1f96a388a4526e65
-
SHA1
76220a1bba2340c51a6c605512e056a37b59aa72
-
SHA256
bb616d18c7bf997bbb8cf1944d94326ad26ff01c948f65aa2656ae8f0fa04b0c
-
SHA512
87002155f292d18c20512aff14d1dde303ed57b362afa6637b86f6cdbe92f3a0a1f263e36190bb96736724ef3cf4a0cf55d9f1d7bf3919ee31ff29ee017c8896
-
SSDEEP
98304:1hTWVDBzcjgBNXcolMZ5nNxvM0oLoPKnllYUugyKwdC:15WVDBzcjgBNXcolMZ5nNxvM0oLo6YTC
Malware Config
Signatures
-
Berbew family
-
Malware Backdoor - Berbew 1 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.e00591e11945cb9f1f96a388a4526e65.exe
Files
-
NEAS.e00591e11945cb9f1f96a388a4526e65.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 122KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.flh Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ